Guidelines for System Administrators

Introduction

This document is intended to provide guidelines to System Administrators working within the CU-Boulder network.

Computing System Administrators are individuals who, due to the nature of their job duties, are given the responsibility for ensuring the proper operation of IT resources they administer. These resources include shared systems, individual-use desktop and laptop systems, and networks and network equipment. This responsibility will be accompanied by the technical capability for performing system administration duties. To ensure proper system operation, these duties include activities such as viewing, inspecting, and modifying individual, system, and network files.

Responsibilities of Computer System Administrators at CU-Boulder

General Responsibilities:

Obtain and remain at an appropriate technical proficiency level with regard to technologies and best practices relevant to Information Technology.

Help educate users about their responsibilities as defined in the CU-Boulder Computing and Network Resource Policy.

Prepare and maintain security procedures that implement CU-Boulder and CU System policies

Develop procedures tailored to the local environment that address issues such as access control, backup and disaster recovery mechanisms, and continuous operation in case of power outages or other disruptions.

Take reasonable precautions to guard against and detect corruption, compromise, or destruction of IT resources. For systems and networks which he or she directly administer, system administrator activities may include: conducting security scans; conducting dictionary comparisons or otherwise checking password information related to system; and intercepting or inspecting information en route through the administered network for purposes of diagnosing system or network problems. Exceptions must be authorized by the appropriate campus officer in accordance with University and CU-Boulder policies.

Limit access to root or privileged supervisory accounts. In general, only system administrators should have access to such accounts. System users should generally not be given unrestricted access to root or privileged supervisory accounts. As with all accounts, authorization for root or privileged supervisory accounts must be approved in accordance with University and CU-Boulder policies.

Have an accurate and up-to-date job description that define the system administrator’s duties, scope of systems managed, and appropriate level of access.

Privacy and Ethical Responsibilities:

Behave ethically. Because of their job responsibilities, system administrators have special access to files and data that are controlled by individuals; this access confers the responsibility to take suitable precautions to respect the privacy of that content.

Treat the files of system users as private. During maintenance, updates, and repair, a system administrator may have incidental contact with user files, including electronic mail, in the course of performing of his or her duties. The contents of such files should be kept confidential except for alleged violations of law or policy.

Report violations of law and policy. If through normal maintenance or support activities the System Administrator sees data which is indicative of a violation of University Policy or federal, state, or local law, the administrator has a responsibility to report this information to the appropriate authority.